yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 12:31:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

aria: turn macro into static inline function

Browse source 
Besides documenting types better and so on, this give the compiler more room
to optimise either for size or performance.

Here are some before/after measurements of:
- size of aria.o in bytes (less is better)
- instruction count for the selftest function (less is better)
with various -O flags.

Before:
O	aria.o	ins
s	10896	37,256
2	11176	37,199
3	12248	27,752

After:
O	aria.o	ins
s	8784	41,408
2	11112	37,001
3	13096	27,438

The new version allows the compiler to reach smaller size with -Os while
maintaining (actually slightly improving) performance with -O2 and -O3.

Measurements were done on x86_64 (but since this is mainly about inlining
code, this should transpose well to other platforms) using the following
helper program and script, after disabling CBC, CFB and CTR in config.h, in
order to focus on the core functions.

==> st.c <==
 #include "mbedtls/aria.h"

int main( void ) {
    return mbedtls_aria_self_test( 0 );
}

==> p.sh <==
 #!/bin/sh

set -eu

ccount () {
    (
    valgrind --tool=callgrind --dump-line=no --callgrind-out-file=/dev/null --collect-atstart=no --toggle-collect=main $1
    ) 2>&1 | sed -n -e 's/.*refs: *\([0-9,]*\)/\1/p'
}

printf "O\taria.o\tins\n"
for O in s 2 3; do
    GCC="gcc -Wall -Wextra -Werror -Iinclude"

    $GCC -O$O -c library/aria.c
    $GCC -O1 st.c aria.o -o st
   ./st

    SIZE=$( du -b aria.o | cut -f1 )
    INS=$( ccount ./st )

    printf "$O\t$SIZE\t$INS\n"
done
This commit is contained in:
Manuel Pégourié-Gonnard 2018-02-21 12:03:22 +01:00
parent 62e813ca62
commit 8c76a9489e
1 changed files with 51 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

87
library/aria.c
View file

@ -118,38 +118,53 @@ static void mbedtls_zeroize( void *v, size_t n ) {
* By passing sb1, sb2, is1, is2 as S-Boxes you get SL1-then-A.
* By passing is1, is2, sb1, sb2 as S-Boxes you get SL2-then-A.
*/
#define ARIA_SLA( ra, rb, rc, rd, sa, sb, sc, sd ) { \
uint32_t ta, tb, tc; \
ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^ \
(((uint32_t) sd[ rb >> 24]) << 8) ^ \
(((uint32_t) sa[ rb & 0xFF]) << 16) ^ \
(((uint32_t) sb[(rb >> 8) & 0xFF]) << 24); \
rb = ( (uint32_t) sa[ ra & 0xFF]) ^ \
(((uint32_t) sb[(ra >> 8) & 0xFF]) << 8) ^ \
(((uint32_t) sc[(ra >> 16) & 0xFF]) << 16) ^ \
(((uint32_t) sd[ ra >> 24]) << 24); \
ra = ta; \
ta = ( (uint32_t) sd[ rd >> 24]) ^ \
(((uint32_t) sc[(rd >> 16) & 0xFF]) << 8) ^ \
(((uint32_t) sb[(rd >> 8) & 0xFF]) << 16) ^ \
(((uint32_t) sa[ rd & 0xFF]) << 24); \
rd = ( (uint32_t) sb[(rc >> 8) & 0xFF]) ^ \
(((uint32_t) sa[ rc & 0xFF]) << 8) ^ \
(((uint32_t) sd[ rc >> 24]) << 16) ^ \
(((uint32_t) sc[(rc >> 16) & 0xFF]) << 24); \
rc = ta; \
ta = ARIA_FLIP1( ra ) ^ rd; \
tc = ARIA_FLIP1( rb ); \
ta = ARIA_FLIP2( ta ) ^ tc ^ rc; \
tb = ARIA_FLIP2( rc ) ^ ARIA_FLIP1( rd ); \
tc ^= ARIA_FLIP2( ra ); \
rb ^= ta ^ tb; \
tb = ARIA_FLIP1( tb ) ^ ta; \
ra ^= ARIA_FLIP2( tb ); \
ta = ARIA_FLIP1( ta ); \
rd ^= ARIA_FLIP2( ta ) ^ tc; \
tc = ARIA_FLIP1( tc ); \
rc ^= ARIA_FLIP2( tc ) ^ ta; \
static inline void aria_sla( uint32_t *a, uint32_t *b,
uint32_t *c, uint32_t *d,
const uint8_t sa[0x100], const uint8_t sb[0x100],
const uint8_t sc[0x100], const uint8_t sd[0x100] )
{
uint32_t ra, rb, rc, rd, ta, tb, tc;
ra = *a;
rb = *b;
rc = *c;
rd = *d;
ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^
(((uint32_t) sd[ rb >> 24]) << 8) ^
(((uint32_t) sa[ rb & 0xFF]) << 16) ^
(((uint32_t) sb[(rb >> 8) & 0xFF]) << 24);
rb = ( (uint32_t) sa[ ra & 0xFF]) ^
(((uint32_t) sb[(ra >> 8) & 0xFF]) << 8) ^
(((uint32_t) sc[(ra >> 16) & 0xFF]) << 16) ^
(((uint32_t) sd[ ra >> 24]) << 24);
ra = ta;
ta = ( (uint32_t) sd[ rd >> 24]) ^
(((uint32_t) sc[(rd >> 16) & 0xFF]) << 8) ^
(((uint32_t) sb[(rd >> 8) & 0xFF]) << 16) ^
(((uint32_t) sa[ rd & 0xFF]) << 24);
rd = ( (uint32_t) sb[(rc >> 8) & 0xFF]) ^
(((uint32_t) sa[ rc & 0xFF]) << 8) ^
(((uint32_t) sd[ rc >> 24]) << 16) ^
(((uint32_t) sc[(rc >> 16) & 0xFF]) << 24);
rc = ta;
ta = ARIA_FLIP1( ra ) ^ rd;
tc = ARIA_FLIP1( rb );
ta = ARIA_FLIP2( ta ) ^ tc ^ rc;
tb = ARIA_FLIP2( rc ) ^ ARIA_FLIP1( rd );
tc ^= ARIA_FLIP2( ra );
rb ^= ta ^ tb;
tb = ARIA_FLIP1( tb ) ^ ta;
ra ^= ARIA_FLIP2( tb );
ta = ARIA_FLIP1( ta );
rd ^= ARIA_FLIP2( ta ) ^ tc;
tc = ARIA_FLIP1( tc );
rc ^= ARIA_FLIP2( tc ) ^ ta;
*a = ra;
*b = rb;
*c = rc;
*d = rd;
}
/*
@ -272,7 +287,7 @@ static void aria_fo_xor( uint32_t r[4],
c = p[2] ^ k[2];
d = p[3] ^ k[3];
ARIA_SLA( a, b, c, d, aria_sb1, aria_sb2, aria_is1, aria_is2 );
aria_sla( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 );
r[0] = a ^ x[0];
r[1] = b ^ x[1];
@ -293,7 +308,7 @@ static void aria_fe_xor(uint32_t r[4],
c = p[2] ^ k[2];
d = p[3] ^ k[3];
ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2 );
aria_sla( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 );
r[0] = a ^ x[0];
r[1] = b ^ x[1];
@ -447,7 +462,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
c ^= ctx->rk[i][2];
d ^= ctx->rk[i][3];
i++;
ARIA_SLA( a, b, c, d, aria_sb1, aria_sb2, aria_is1, aria_is2 );
aria_sla( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 );
a ^= ctx->rk[i][0];
b ^= ctx->rk[i][1];
@ -457,7 +472,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
if (i >= ctx->nr)
break;
ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2 );
aria_sla( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 );
}
/* final substitution */